Class: Entitlements::Data::Groups::Calculated
- Inherits:
-
Object
- Object
- Entitlements::Data::Groups::Calculated
show all
- Includes:
- Contracts::Core
- Defined in:
- lib/entitlements.rb,
lib/entitlements/data/groups/calculated.rb,
lib/entitlements/data/groups/calculated/base.rb,
lib/entitlements/data/groups/calculated/ruby.rb,
lib/entitlements/data/groups/calculated/text.rb,
lib/entitlements/data/groups/calculated/yaml.rb,
lib/entitlements/data/groups/calculated/rules/base.rb,
lib/entitlements/data/groups/calculated/rules/group.rb,
lib/entitlements/data/groups/calculated/filters/base.rb,
lib/entitlements/data/groups/calculated/modifiers/base.rb,
lib/entitlements/data/groups/calculated/rules/username.rb,
lib/entitlements/data/groups/calculated/modifiers/expiration.rb,
lib/entitlements/data/groups/calculated/filters/member_of_group.rb
Defined Under Namespace
Classes: Base, Filters, Modifiers, Ruby, Rules, Text, YAML
Constant Summary
collapse
- C =
::Contracts
- FILE_EXTENSIONS =
{
"rb" => "Entitlements::Data::Groups::Calculated::Ruby",
"txt" => "Entitlements::Data::Groups::Calculated::Text",
"yaml" => "Entitlements::Data::Groups::Calculated::YAML"
}
Class Method Summary
collapse
common, extended, included
Class Method Details
.all_groups ⇒ Object
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
# File 'lib/entitlements/data/groups/calculated.rb', line 131
def self.all_groups
@groups_in_ou_cache.map do |ou_key, dn_in_ou|
if @config_cache.key?(ou_key)
[
ou_key,
{
config: @config_cache[ou_key],
groups: dn_in_ou.sort.map { |dn| [dn, @groups_cache.fetch(dn)] }.to_h
}
]
else
nil
end
end.compact.to_h
end
|
.filters_default ⇒ Object
Retrieve the filters in the format used as default / starting point in other parts of the program: { “filter_name_1” => :none, “filter_name_2” => :none }
Takes no arguments.
Returns a Hash in the indicated format.
260
261
262
|
# File 'lib/entitlements/data/groups/calculated.rb', line 260
def self.filters_default
@filters_index.map { |k, _| [k, :none] }.to_h
end
|
.filters_index ⇒ Object
250
251
252
|
# File 'lib/entitlements/data/groups/calculated.rb', line 250
def self.filters_index
@filters_index
end
|
.read(dn) ⇒ Object
50
51
52
53
|
# File 'lib/entitlements/data/groups/calculated.rb', line 50
def self.read(dn)
return @groups_cache[dn] if @groups_cache[dn]
raise "read(#{dn.inspect}) does not support calculation at this time. Please use read_all() first to build cache."
end
|
.read_all(ou_key, cfg_obj, skip_broken_references: false) ⇒ Object
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
# File 'lib/entitlements/data/groups/calculated.rb', line 65
def self.read_all(ou_key, cfg_obj, skip_broken_references: false)
return read_mirror(ou_key, cfg_obj) if cfg_obj["mirror"]
@config_cache[ou_key] ||= cfg_obj
@groups_in_ou_cache[ou_key] ||= begin
Entitlements.logger.debug "Calculating all groups for #{ou_key}"
Entitlements.logger.debug "!!! skip_broken_references is enabled" if skip_broken_references
result = Set.new
Entitlements.cache[:file_objects] ||= {}
path = Entitlements::Util::Util.path_for_group(ou_key)
Dir.glob(File.join(path, "*")).each do |filename|
if File.directory?(filename)
next
end
if Entitlements::IGNORED_FILES.member?(File.basename(filename))
next
end
file_without_extension = File.basename(filename).sub(/\.\w+\z/, "")
unless file_without_extension =~ /\A[\w\-]+\z/
raise "Illegal LDAP group name #{file_without_extension.inspect} in #{ou_key}!"
end
group_dn = ["cn=#{file_without_extension}", cfg_obj.fetch("base")].join(",")
options = { skip_broken_references: skip_broken_references }
Entitlements.cache[:file_objects][filename] ||= ruleset(filename: filename, config: cfg_obj, options: options)
@groups_cache[group_dn] = Entitlements::Models::Group.new(
dn: group_dn,
members: Entitlements.cache[:file_objects][filename].modified_filtered_members,
description: Entitlements.cache[:file_objects][filename].description,
metadata: Entitlements.cache[:file_objects][filename].metadata.merge("_filename" => filename)
)
result.add group_dn
end
result
end
end
|
.read_mirror(ou_key, cfg_obj) ⇒ Object
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
# File 'lib/entitlements/data/groups/calculated.rb', line 156
def self.read_mirror(ou_key, cfg_obj)
@groups_in_ou_cache[ou_key] ||= begin
Entitlements.logger.debug "Mirroring #{ou_key} from #{cfg_obj['mirror']}"
unless @groups_in_ou_cache[cfg_obj["mirror"]]
raise "Cannot read_mirror on #{ou_key.inspect} because read_all has not occurred on #{cfg_obj['mirror'].inspect}!"
end
result = Set.new
@groups_in_ou_cache[cfg_obj["mirror"]].each do |source_dn|
source_group = @groups_cache[source_dn]
unless source_group
raise "No group has been calculated for #{source_dn.inspect}!"
end
new_dn = ["cn=#{source_group.cn}", cfg_obj["base"]].join(",")
@groups_cache[new_dn] ||= source_group.copy_of(new_dn)
result.add new_dn
end
result
end
end
|
.register_filter(filter_name, filter_cfg) ⇒ Object
284
285
286
|
# File 'lib/entitlements/data/groups/calculated.rb', line 284
def self.register_filter(filter_name, filter_cfg)
@filters_index[filter_name] = filter_cfg
end
|
.register_rule(rule_name, clazz) ⇒ Object
272
273
274
|
# File 'lib/entitlements/data/groups/calculated.rb', line 272
def self.register_rule(rule_name, clazz)
@rules_index[rule_name] = clazz
end
|
.reset! ⇒ Object
Reset all module state
Takes no arguments
.rules_index ⇒ Object
240
241
242
|
# File 'lib/entitlements/data/groups/calculated.rb', line 240
def self.rules_index
@rules_index
end
|
.ruleset(filename:, config:, options: {}) ⇒ Object
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
|
# File 'lib/entitlements/data/groups/calculated.rb', line 194
def self.ruleset(filename:, config:, options: {})
unless filename =~ /\.(\w+)\z/
raise ArgumentError, "Unable to determine the extension on #{filename.inspect}!"
end
ext = Regexp.last_match(1)
unless FILE_EXTENSIONS[ext]
Entitlements.logger.fatal "Unable to map filename #{filename.inspect} to a ruleset object!"
raise ArgumentError, "Unable to map filename #{filename.inspect} to a ruleset object!"
end
if config.key?("allowed_types")
unless config["allowed_types"].is_a?(Array)
Entitlements.logger.fatal "Configuration error: allowed_types should be an Array, got #{config['allowed_types'].inspect}"
raise ArgumentError, "Configuration error: allowed_types should be an Array, got #{config['allowed_types'].class}!"
end
unless config["allowed_types"].include?(ext)
allowed_join = config["allowed_types"].join(",")
Entitlements.logger.fatal "Files with extension #{ext.inspect} are not allowed in this OU! Allowed: #{allowed_join}!"
raise ArgumentError, "Files with extension #{ext.inspect} are not allowed in this OU! Allowed: #{allowed_join}!"
end
end
clazz = Kernel.const_get(FILE_EXTENSIONS[ext])
clazz.new(filename: filename, config: config, options: options)
end
|
.to_h ⇒ Object
120
121
122
|
# File 'lib/entitlements/data/groups/calculated.rb', line 120
def self.to_h
@groups_cache
end
|